Example: Using the Allscripts sandbox for anonymous access
Allscripts provides a sandbox environment that you can use for testing purposes.
Obtaining a token is not needed. The samples provided here use an unauthorized call.
This endpoint is provided for convenience, and is intended to assist developers getting started with Allscripts FHIR API. All access to the Allscripts FHIR API will be secured in production environments.
See the example below for more information on getting an OAuth2 token.
Step 1: Search for a patient
Once you have the bearer token, you can call the API. Use it to search for a patient called Allison.
GET https://tw171.open.allscripts.com/FHIRanon/Patient?_summary=true&given=Allison
Note: This example uses an anonymous endpoint, so you don’t need the bearer token.
This returns a collection of patient references.
Note: FHIR returns this collection as a bundle. When developing the app, you must consider the bundle, but it does not apply to this example.
{
"resourceType": "Bundle",
"type": "searchset",
"entry":[
{
"resource":{"resourceType": "Patient", "id": "47675", "language": "", "text":{"status": "generated",…}
},
{
"resource":{"resourceType": "Patient", "id": "1556", "language": "", "text":{"status": "generated",…}
},
{
"resource":{"resourceType": "Patient", "id": "27190", "language": "", "text":{"status": "generated",…}
},
{
"resource":{"resourceType": "Patient", "id": "36530", "language": "", "text":{"status": "generated",…}
}
]}
Step 2: Retrieve a patient
To retrieve the information for the patient with ID 19, issue the following request:
GET https://tw171.open.allscripts.com/FHIRanon/Patient/19
Note: This example uses an anonymous endpoint, so you don’t need the bearer token.
This returns the patient information.
{
"resourceType": "Bundle",
"type": "searchset",
"entry": [{"resource": {
"resourceType": "Patient",
"id": "19",
"extension": [
{
"url": "http://hl7.org/fhir/StructureDefinition/us-core-race",
"valueCodeableConcept": {"coding": [ {
"system": "OBM",
"code": "0",
"display": " "
}]}
},
{
"url": "http://hl7.org/fhir/StructureDefinition/us-core-ethnicity",
"valueCodeableConcept": {"coding": [ {
"system": "OBM",
"code": "0",
"display": ""
}]}
},
{
"url": "http://hl7.org/fhir/StructureDefinition/us-core-religion",
"valueCodeableConcept": {"coding": [ {
"code": " ",
"display": " "
}]}
}
],
"identifier": [ {
"type": {
"coding": [
{
"code": "ZZZTW01",
"display": "ZZZTW01",
"userSelected": false
},
{
"code": "4 ",
"display": "Other",
"userSelected": false
}
],
"text": "TouchWorks MRN"
},
"system": "dummy identifier system",
"value": "ZZZTW01",
"assigner": {"reference": "Organization/3"}
}],
"active": true,
"name": [ {
"text": "Allscripts,Allison ",
"family": ["Allscripts"],
"given": ["Allison"],
"prefix": [" "],
"suffix": [" "]
}],
"telecom": [
{
"system": "phone",
"value": "(312) 555-1112",
"use": "home"
},
{
"system": "phone",
"value": "(847) 608-3515x4357 ",
"use": "work"
},
{
"system": "fax",
"value": "(708) 555-1001"
},
{
"system": "email",
"value": "allison@allscripts.com"
}
],
"gender": "female",
"birthDate": "1973-03-05",
"deceasedBoolean": false,
"address": [ {
"text": "34 Smith Mt. Road. Apartment 1 Springfield IL 60654 USA",
"line": [
"34 Smith Mt. Road.",
"Apartment 1"
],
"city": "Springfield",
"state": "IL",
"postalCode": "60654 ",
"country": "USA"
}],
"maritalStatus": {"coding": [ {
"system": "http://hl7.org/fhir/v3/vs/MaritalStatus",
"code": "W",
"display": "Widowed"
}]},
"multipleBirthBoolean": false,
"contact": [
{
"relationship": [{"coding": [ {
"code": "4 ",
"display": "Other"
}]}],
"name": {
"text": "Washington George",
"family": ["Washington"],
"given": ["George"]
},
"telecom": [
{
"system": "other",
"value": "(312) 555-1101",
"use": "home"
},
{
"system": "other",
"value": "(773) 555-1201x1101",
"use": "work"
}
],
"address": {
"line": [
"123 Waulnut Street",
"Apartment 2E"
],
"city": "dummy address city",
"state": "dummy address state",
"postalCode": "dummy address postal code",
"country": "dummy address country"
}
},
{
"relationship": [{"coding": [ {
"code": "4 ",
"display": "Other"
}]}],
"name": {
"text": "Adams Abigail",
"family": ["Adams"],
"given": ["Abigail"]
},
"telecom": [
{
"system": "other",
"value": "(312) 555-7701x8850",
"use": "work"
},
{
"system": "other",
"value": "(847) 555-9901",
"use": "home"
}
],
"address": {
"line": [
"123 Main Street",
"Apartment 41"
],
"city": "dummy address city",
"state": "dummy address state",
"postalCode": "dummy address postal code",
"country": "dummy address country"
}
}
],
"communication": [{"language": {"coding": [ {
"system": "ISO-639-2",
"code": "eng ",
"display": "English"
}]}}],
"careProvider": [ {
"reference": "Practitioner/53",
"display": "Allscripts,Family Medicine "
}]
}}]
}
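Both sandbox responses above arrive wrapped in a Bundle, so a client has to unwrap the entries before it can use a patient id. The following is an added example, not Allscripts code: it pulls the Patient resources out of a searchset bundle and builds the Step 2 read URL only for ids that match the FHIR id format. The function names and the sample bundle are constructed for illustration.

```python
import json
import re

# FHIR ids: 1 to 64 characters drawn from letters, digits, '-' and '.'.
FHIR_ID = re.compile(r"[A-Za-z0-9\-.]{1,64}")
BASE = "https://tw171.open.allscripts.com/FHIRanon"  # sandbox base URL from the page

def patients_from_bundle(raw):
    """Return the Patient resources carried in a FHIR Bundle (JSON text)."""
    doc = json.loads(raw)
    if not isinstance(doc, dict) or doc.get("resourceType") != "Bundle":
        raise ValueError("expected a FHIR Bundle")
    patients = []
    for entry in doc.get("entry") or []:
        resource = entry.get("resource") if isinstance(entry, dict) else None
        if isinstance(resource, dict) and resource.get("resourceType") == "Patient":
            patients.append(resource)
    return patients

def patient_read_url(patient):
    """Build the Step 2 read URL, refusing ids that are not valid FHIR ids."""
    pid = patient.get("id")
    if not isinstance(pid, str) or not FHIR_ID.fullmatch(pid):
        raise ValueError("not a valid FHIR id: %r" % (pid,))
    return "%s/Patient/%s" % (BASE, pid)

def safe_read_urls(raw):
    """Return (urls, rejected_ids) for every Patient in the bundle."""
    urls, rejected = [], []
    for patient in patients_from_bundle(raw):
        try:
            urls.append(patient_read_url(patient))
        except ValueError:
            rejected.append(patient.get("id"))
    return urls, rejected

# Constructed sample: the Step 1 bundle cut down to the fields used here, plus
# an id with trailing whitespace and an entry that is not a Patient.
SAMPLE = json.dumps({
    "resourceType": "Bundle", "type": "searchset",
    "entry": [
        {"resource": {"resourceType": "Patient", "id": "47675"}},
        {"resource": {"resourceType": "Patient", "id": "1556"}},
        {"resource": {"resourceType": "Patient", "id": "27190 "}},
        {"resource": {"resourceType": "OperationOutcome"}},
    ],
})

if __name__ == "__main__":
    print(safe_read_urls(SAMPLE))
```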
Example: Using the Allscripts sandbox for secured access
Step 1: Sign up for a developer account and register the app
If you have not already completed this step, follow the instructions in Developer Signup and Application Registration to register your application.
After the registration, you should have the following:
ClientId
Secret
redirect_uri
- You provide this. This is the URL where the application will reside once authorization is completed.
  - If you have a mobile application, use urn:ietf:wg:oauth:2.0:oob.
  - If you have a web application, use the appropriate URL.
  - If you are testing with SOAP UI, use http://localhost/callback.
Step 2: Obtain a bearer token
You must use the OAuth 2.0 authorization client that is built into the framework you are using. Refer to: Helpful resources.
Note: The examples provided use a TouchWorks EHR FHIR sandbox. See Sandboxes for sandboxes available for other Allscripts products including Sunrise and Professional EHR.
Review the following data items:
OAuth 2 Flow: Authentication Code Grant
Authorization URI: https://tw171.open.allscripts.com/authorization/connect/authorize
Token URI: https://tw171.open.allscripts.com/authorization/connect/token
Your OAuth 2.0 authorization client issues a request similar to the following:
https://tw171.open.allscripts.com/authorization/connect/authorize?response_type=code&client_id=<your ClientID>&redirect_uri=<your redirect_uri>&scope=launch%20openid%20profile
The Authorization Server requests your credentials. Contact VeradigmConnect@veradigm.com for credentials.
After you have entered the username and password, the OAuth 2.0 authorization client issues a request to the token endpoint to get the authorization token. Enter the secret that was provided earlier.
You now have an authorization token that you can use in subsequent calls.
Call the authorization server to get a bearer token.
The authorization server returns a JSON structure:
{
"access_token": "123.456.7890",
"expires_in": 1200,
"token_type": "Bearer"
}
There are other values returned, but they are not used in this example.
The authorization token is a JSON Web Token (JWT). It uses the format:
nnn.nn.nnnn.
Bearer tokens are valid for a short time, typically 20 minutes. If the bearer token expires, you must refresh it.
Step 3: Retrieve a patient
To retrieve information for the patient with ID 19, issue the following request:
GET https://tw171.open.allscripts.com/FHIR/Patient/19
Authorization: Bearer 123.456.7890
The bearer token was retrieved in the previous step. It is sent in the Authorization header.
This returns the patient.
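Because the bearer token is short-lived and grants access to patient data, the client should track its expiry and attach it only to requests for the secured FHIR base URL. The following is an added example, not Allscripts code: the class name, the 60-second safety margin and the sample response (built from the page's placeholder values) are assumptions.

```python
import time
from urllib.parse import urlsplit

FHIR_BASE = "https://tw171.open.allscripts.com/FHIR"  # secured base URL from Step 3

class BearerToken:
    """Holds one token response and releases the token only while it is
    valid and only for requests under FHIR_BASE."""

    def __init__(self, token_response, now=None, skew=60):
        if str(token_response.get("token_type", "")).lower() != "bearer":
            raise ValueError("unexpected token_type")
        self._token = token_response["access_token"]
        issued = time.time() if now is None else now
        # Treat the token as expired `skew` seconds early to cover clock
        # drift and request latency.
        self.expires_at = issued + int(token_response["expires_in"]) - skew

    def __repr__(self):
        # Keep the token itself out of logs and tracebacks.
        return "BearerToken(<redacted>, expires_at=%d)" % self.expires_at

    def expired(self, now=None):
        return (time.time() if now is None else now) >= self.expires_at

    def headers_for(self, url, now=None):
        """Return the Authorization header for url, or raise."""
        target, base = urlsplit(url), urlsplit(FHIR_BASE)
        same_origin = (target.scheme, target.netloc) == (base.scheme, base.netloc)
        if not same_origin or not target.path.startswith(base.path + "/"):
            raise ValueError("refusing to send the token to " + url)
        if self.expired(now):
            raise RuntimeError("token expired; obtain a new one first")
        return {"Authorization": "Bearer " + self._token}

# Constructed token response using the placeholder values from the page.
SAMPLE = {"access_token": "123.456.7890", "expires_in": 1200, "token_type": "Bearer"}
```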